passwordcheck: Log cracklib diagnostics
author Peter Eisentraut <peter@eisentraut.org>
Fri, 28 Aug 2020 06:16:32 +0000 (08:16 +0200)
committer Peter Eisentraut <peter@eisentraut.org>
Fri, 28 Aug 2020 06:18:24 +0000 (08:18 +0200)
When calling cracklib to check the password, the diagnostic from
cracklib was thrown away.  This would hide essential information such
as no dictionary being installed.  Change this to show the cracklib
error message using errdetail_log().

Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Laurenz Albe <laurenz.albe@cybertec.at>
Discussion: https://www.postgresql.org/message-id/flat/f7266133-618a-0adc-52ef-f43c78806b0e%402ndquadrant.com

contrib/passwordcheck/passwordcheck.c

index d5f9d14b01095383cb6ad1435914f73e8a136309..70f056232fe72d6c4b97f8b86069c66a299f7e8d 100644 (file)
@@ -91,6 +91,9 @@ check_password(const char *username,
        int         i;
        bool        pwd_has_letter,
                    pwd_has_nonletter;
+#ifdef USE_CRACKLIB
+       const char *reason;
+#endif
 
        /* enforce minimum length */
        if (pwdlen < MIN_PWD_LENGTH)
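Review bot: the new `reason` declaration at the top of check_password() has no comment and sits behind its own #ifdef USE_CRACKLIB pair, away from its only use in the cracklib block further down. A short trailing comment such as /* diagnostic returned by FascistCheck() */ would tell a reader why the variable exists only in cracklib builds.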
@@ -125,10 +128,11 @@ check_password(const char *username,
 
 #ifdef USE_CRACKLIB
        /* call cracklib to check password */
-       if (FascistCheck(password, CRACKLIB_DICTPATH))
+       if ((reason = FascistCheck(password, CRACKLIB_DICTPATH)))
            ereport(ERROR,
                    (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-                    errmsg("password is easily cracked")));
+                    errmsg("password is easily cracked"),
+                    errdetail_log("cracklib diagnostic: %s", reason)));
 #endif
    }
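Review bot: the errdetail_log() line in the ereport() call sends the cracklib diagnostic to the server log only, so the client still sees just "password is easily cracked" even when the cause is a setup problem such as the missing dictionary named in the commit message. A comment above the call saying the detail is deliberately log-only, plus a sentence in the passwordcheck documentation telling administrators to check the server log for the "cracklib diagnostic" line, would keep that from being overlooked.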